[clang] [clang][analyzer] Fix the false positive ArgInitializedness warning on unnamed bit-field (PR #145066)

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Wed Jun 25 07:57:39 PDT 2025


================
@@ -2122,8 +2122,21 @@ SVal RegionStoreManager::getBindingForField(RegionBindingsConstRef B,
   if (const std::optional<SVal> &V = B.getDirectBinding(R))
     return *V;
 
-  // If the containing record was initialized, try to get its constant value.
+  // UnnamedBitField is always Undefined unless using memory operation such
+  // as 'memset'.
+  // For example, for code
+  //    typedef struct {
+  //      int i  :2;
+  //      int    :30;  // unnamed bit-field
+  //    } A;
+  //    A a = {1};
+  // The bits of the unnamed bit-field in local variable a can be anything.
   const FieldDecl *FD = R->getDecl();
+  if (FD->isUnnamedBitField()) {
+      return UndefinedVal();
+  }
+
+  // If the containing record was initialized, try to get its constant value.
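Review bot: The early return under `if (FD->isUnnamedBitField())` is unconditional, which does not match the comment above it stating that the field is Undefined "unless using memory operation such as 'memset'". Once `getDirectBinding(R)` finds nothing, the function returns `UndefinedVal()` before the "containing record was initialized" logic runs, and nothing in the visible lines handles the memset case the comment carves out. Either look for a covering binding before returning, or narrow the comment to what the code actually does, and cover the read-after-`memset` case with a test if one is not already part of the patch. On style: `return UndefinedVal();` is indented six spaces where the surrounding code steps by two, and LLVM style drops the braces around a single-statement body.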
----------------
steakhal wrote:

Assuming the `CallAndMessageChecker` is patched, do we need this patch here?
I'd rather not touch this code as it's really sensitive. And btw, reading from the Store by default gives you `UndefinedVal` so I'm not sure what case this helps with. For example, a `memset(0)` should also zero the padding bytes, thus if we happen to read that padding byte via a `char*` the Store should still model it and return the correct value instead of handing back `UndefinedVal`.

https://github.com/llvm/llvm-project/pull/145066

